PRIVACY & COOKIE POLICY

Last updated: 08/02/2024

Privacy Policy

Celtic & Co., including the website at www.celticandco.com and related mobile applications, is owned and operated by Celtic Sheepskin and Co. Ltd registered under company number 08860746 with its registered office address at Units 2 & 2a Indian Queens Industrial Estate, Indian Queens, St. Columb, England, TR9 6TF (“Celtic & Co”, “we”, “us” or “our” in this policy). We are a member of the Refined Brands Group.

We are committed to protecting your privacy. It is important that you understand how we look after your personal information and how we make sure that we meet our legal obligations to you under the data protection rules and regulations in the relevant territory. This privacy policy describes how Celtic & Co. will collect, use, store and share your personal information.

For the purposes of data protection laws, we are a ‘controller’ of your personal information which means we decide why and how it is processed. It also means we are responsible for that processing, which extends to those of our subcontractors who process your information based on our instructions.

Where your personal information is collected and sent to other organisations for processing in such a way that we make decisions together over that particular processing, we will be ‘joint controllers’ with the organisations involved. As joint controllers, we and the other organisations involved in making these decisions will be jointly responsible to you under data protection laws for this processing. In other circumstances, the organisation receiving your information will be separately responsible to you and use your personal information in the ways described in its privacy statement (and not ours).

Details of our Data Protection Team responsible for overseeing questions in relation to this policy, and our details are set out in the “How to Contact Us” section at the end of this notice.

This policy was last updated on the date that appears at the beginning of the policy.

GROUP OVERVIEW

INFORMATION COLLECTION, PURPOSE AND SHARING

DATA WE COLLECT

DATA WE RECEIVE

LAWFUL BASES

SHARING YOUR DATA

OUR USE OF SOCIAL MEDIA

TRANSFERRING YOUR PERSONAL INFORMATION OUTSIDE THE UK

HOW WE KEEP YOUR PERSONAL INFORMATION SECURE

YOUR RIGHTS

CHANGING YOUR PREFERENCES

CHANGES

CONTACT US

GROUP OVERVIEW

Refined Brands Group is a collection of companies championing sustainable, ethical fashion. As a group we aim to increase the use of high quality natural and recycled fibres to minimise the impact fashion has on our planet. Data may be shared between members of the group as outlined in this privacy policy.

The controller of your information for the purposes of the data protection laws is Celtic & Co.

Call us on +44 (0)333 400 0044
(Mon-Fri: 9am-5pm)
Email us at: dataprotection@celticandco.com

Write to us at:
The Data Protection Team,

Celtic & Co.,
Units 2 & 2A Lodge Way,
Indian Queens Industrial Estate,
Saint Columb,
Cornwall,
TR9 6TF
United Kingdom

Our brands each have their own websites. This central policy provides information to you about the basis on which Celtic & Co. collects, uses, stores and shares your information. We will use your personal information fairly, lawfully and in a transparent manner and in accordance with applicable data protection laws.

INFORMATION COLLECTION, PURPOSE AND SHARING

We collect information when you register online or update your account, log-in, place an order, and when communicating online with our customer service representatives. This information may include your name, email address, billing / shipping addresses and phone number. Data is used to verify the payment, delivery, returns or refunds assigned to your orders. If you create an online account, you also have the option of providing your product preferences and demographic information.

The contact information we collect is used for promotional and marketing activity, to include customer opt-in to receive our emails, request a catalogue, participate in a sweepstake, special offers, contest, promotion or survey, or join our social networking sites. This will include the use of a customer's name, home address and/or email address.

Data retrieved can be used to improve products and services provided by our website, marketing and customer service teams and tailor this to you and your preferences.

With the purpose of ensuring a smooth and efficient management of any registered account(s) a customer may hold with Celtic & Co., our customer service team are able to access specific information provided by a customer to include name, email address, billing / shipping addresses and phone number to aid their interaction.

If you have entered a competition with one of our friends or partners, and have said that you would like to hear from us, they may have sent us your details so that we can get in touch with you. We work with third party data co-operative partners who provide us with personal information for individuals who may be interested in our products. We will only contact you in ways applicable data protection laws allow.

In some cases information is retained and shared with authorities for crime and fraud prevention, detection and related purposes.

There may be times where we have a legal need or duty to disclose information (for example in relation to an investigation by a public authority or in a legal dispute).

DATA WE COLLECT

In order to process your orders, send you email confirmations of your order and communications with key information about your membership with our loyalty programme, send you parcels, verify your payment details, or process returns and refunds, we may use your name, address, email address and payment card information. If you submit your mobile phone number we will use this to provide courier updates. (contractual performance).

We collect and use personal information relating to your participation in any loyalty programmes we run from time to time including the period of your participation, the number of points and other benefits you have earned and details of when you have earned them, the points and other rewards you have redeemed and when you have redeemed them ( contractual performance; legitimate interests), we also send promotional information to you about the Refined Brands Group and other commercial partners of such programmes, including by email (legitimate interest; consent).

We like to keep you up to date with information about Celtic & Co and its group companies so from time to time we’ll send you catalogues, special offers and promotions by post, email or SMS messages using your name, address, email address, and/or mobile number (consent where you choose to opt-in; legitimate interest in all other cases).

We use contact details and other personal information to contact you with targeted advertising delivered online through social media, search engines, third party websites and applications and other platforms operated by other companies, unless you object. You may receive advertising based on information about you that we have provided to the platform or allowed it to collect using cookies on our website or code in our applications (or a combination of the two). You may also receive advertising because, at our request, the platform has identified you as falling within a group whose attributes we have selected or a group that has similar attributes to the individuals whose details it has received from us (or a combination of the two). This includes the collection, sharing, and use of personal information for personalisation of ads in connection with Google advertising products that we use. To find out more, please refer to the information provided in the help pages of the platforms on which you receive advertising from us. Please also see the section below for further information regarding our use of social media platforms specifically ( legitimate interests; consent);

We also use your name, address, email address and payment card information for fraud prevention purposes. (legitimate interest).

We use your name, address, email address and telephone number in order to respond to your queries (contractual performance; legitimate interest). We may also keep a record of these to inform any future communication with us and maintain our high service levels.

We collect personal information from essential cookies ( legal obligation; legitimate interests) and non-essential cookies (consent).

We may use your email address, postcode and date of birth to send you survey and feedback requests to help improve our services. (legitimate interest).

Sometimes, we may need to use your name, email address and/or address to send you communications that are required by law or necessary to inform you about our changes to the services we provide you (legal obligation; contractual performance).

In order to improve our products and services, we may use your personal information to invite you to participate in market research (legitimate interest).

Celtic & Co. may share your information between relevant companies within the group in order to introduce you to relevant products and services and for segmentation, analytics, content (including ad content) personalisation and business planning purposes. If we share information with any of our group companies for them to communicate marketing information to you, they will contact you by post or telephone to the extent permitted by law (legitimate interest).

You may opt-in to receive text messages from us. When you sign up to receive text messages, we will send you information about promotional offers and more. These messages may use information automatically collected based on your actions while on our sites and may prompt messaging such as cart abandon messages. To the extent you voluntarily opt to have Text notifications sent directly to your mobile phone, we receive and store the information you provide, including your telephone number or when you read a text message. You may opt out of receiving text messages at any time by texting “STOP” to our text messages.

If you’ve signed up to receive text messages from us either via our website or by sending a text message indicating your consent, you are providing your prior express written consent to receive recurring marketing or promotional Text messages from us. We will send you information about promotional offers and more. These messages may use information automatically collected based on your actions while on our sites and may prompt messaging such as cart abandon messages. To the extent you voluntarily opt to have Text notifications sent directly to your mobile phone, we receive and store the information you provide, including your telephone number or when you read a text message ( consent).

We like to know your birthday so we can help you celebrate with a special offer (legitimate interest). This is entirely optional.

We always need to confirm that you’re over 18 so that we can enter into a contract binding on you (legitimate interest).

We do not knowingly collect any personal information from a child under 16. We do not sell products for purchase by children and all children's products we sell are for purchase by adults only. We require customers to verify that they are 18 or over before we can process an order, and customers must verify that they are 18 or over before speaking to our Customer Service team

We may use your date of birth data for fraud prevention and detection, and research purposes (legitimate interests).

We keep records of our live chats, telephone calls, emails and postal correspondence from you so we can provide you with great customer service (contractual performance; legitimate interests). We may also use this data for staff training (legitimate interests).

We use information about your device and how you use our website (including your IP address, device type) to continuously improve our website, to set default options for you, and to show you the correct content (for example language and currency). We may also use it to develop, test and improve the systems, services and products we provide to you by say, recording your browser’s Session ID to help us understand more when you leave us online feedback about any problems you’re having. This data is also used to prevent and detect fraud. We collect your IP address to learn more about how you use our website. IP address data allows us to analyse site usage and visitor numbers and see how our advertising performs (so we can understand what you like). We also use this information to improve our website, which makes our marketing more relevant to give you the best experience we can (legitimate interests).

When you participate in a competition, survey or promotion, we use your data to run the activity. We may also use this data in order to fulfil your prize if you’re a winner (contract; legitimate interest).

If you interact with us on social media, we use your social media username or identifier to help us respond to your comments, questions or feedback (legitimate interest).

There may be situations where we are legally required to share your personal information, for example, when a court order is submitted to share it with law enforcement agencies or a court of law (legal obligation).

Every now and then, we love to surprise and delight our customers by sending unexpected presents or treats. We may use your name and address to do this (legitimate interest).

If you place an order on behalf of another person (for example, if you buy a gift for another person and provide their name and address for delivery), please ensure you have obtained their permission before agreeing for them to receive marketing from Celtic & Co. during checkout.

If you don’t want to give us your data, you don’t have to. However, if you don’t, you may not be able to buy products from our website or catalogue, sign up to our mailing lists or communicate with us effectively.

DATA WE RECEIVE

We may receive personal information from the following third parties:

We may receive your data from the following data brokers, where these brokers will have received your name from another company that has indicated you do not mind receiving catalogues from third parties. You can ask us to remove you from these mailing lists at any time by contacting our customer services team or using this unsubscribe page.

Epsilon Abacus
Visit: Privacy Policy

Experian
Visit: Privacy Policy

Choreograph

Visit: Privacy Policy

I-Behaviour

Visit: Privacy Policy

We may receive your information from third parties such as fraud detection agencies to verify your details when transacting with us.

We may have obtained your contact details, including your address, if another person has placed an order and asked for it to be delivered to you.

We may receive your details if you take part in a competition run by one of our partners and indicate that you would be happy to receive communications from us.

We work with Epsilon Abacus (a trading name of Epsilon International UK Ltd), a company that manages the Abacus Alliance on behalf of UK retailers and charities. The participating retailers are active in the clothing, collectables, food & wine, gardening, gadgets & entertainment, health & beauty, household goods, home interiors and travel categories.

We may receive your information from social media platforms, including as a result of our use of social media listening tools which provide us with insight regarding attitudes towards our brands and business.

LAWFUL BASES

General

Celtic & Co. requires a legal reason (known as a ‘lawful basis’) to collect and use your personal information.

We have listed above opposite each purpose the lawful basis on which we rely, but in summary these are to:

pursue our or another person’s legitimate interests (as set out below);

perform obligations under a contract for the sale of goods with you or to take pre-contract steps you have requested; or

comply with our legal obligations.

Our Legitimate Interests

The most common legal basis on which we rely to process your personal information, is that it is necessary for our or another person’s legitimate interests. In the case of Celtic & Co., these legitimate interests are:

Selling and supplying goods and services to our customers;

Protecting customers, employees and other individuals and maintaining their safety, health and welfare;

Promoting, marketing and advertising our products and services;

Sending promotional communications which are relevant and tailored to individual customers. Our communications are designed to tell you about the benefits we can offer, so that you have exclusive access to our best deals. We use the information we have about you to tailor the content and try to ensure that the offers are as relevant to you as possible;

Understanding our customers’ behaviour, activities, preferences, and needs;

Improving existing products and services and developing new products and services;

Complying with our legal and regulatory obligations;

Preventing, investigating and detecting crime, fraud or anti-social behaviour and prosecuting offenders, including working with law enforcement agencies;

Handling customer contacts, queries, complaints or disputes;

Managing insurance claims by customers;

Protecting Celtic & Co., its employees and customers, by taking appropriate legal action against third parties who have committed criminal acts or are in breach of legal obligations to Celtic & Co.;

Effectively handling any legal claims or regulatory enforcement actions taken against Celtic & Co.;

Fulfilling our duties to our customers, colleagues, shareholders and other stakeholders; and

Operating the administrative and technical aspects of our business efficiently and effectively.

Consent

Where you have opted-in to receive, we will rely on consent to send you marketing communications provided you have not told us that you wish to unsubscribe.

You have the right to withdraw your consent to processing of this nature at any time by contacting the relevant brand's customer care team or by using the unsubscribe option in the messages you receive from us.

SHARING YOUR DATA

Our group companies

We will share your information with other members of our corporate group, the Refined Brands Group but only for the purposes specified in this privacy policy. In particular:

We will share your information with other members of the Refined Brands Group where we have a legitimate interest, or you have consented for us to do so for the purposes of receiving marketing from those other members of the Refined Brands Group;

We will share your information with other members of the Refined Brands Group for analysis and management reporting purposes, to improve our products and services.

Service providers

We may disclose your personal information to our service providers for the purposes of providing services to us or directly to you on our behalf, including the operation and maintenance of our website and social media pages. We only allow our service providers to handle your personal information when we have confirmed that they apply appropriate data protection and security controls and we have put in place a contract with them that requires them to keep your information safe and secure.

We may disclose your information to our third party service providers, agents and subcontractors (Suppliers). Our Suppliers can be categorised as follows:

Service provider Industry sector (& sub-sector)
Advertising, PR, digital and creative agencies Media (Advertising & PR)
Banks, payment processors and financial services providers Finance (Banking & Payment Processing)
Cloud software system providers, including database, email and document management providers IT (Cloud Services)
Customer care/services providers Customer Services (Support)
Delivery and mailing services providers Logistics (Delivery Service)
Facilities and technology service providers including scanning and data destruction providers IT (Data Management)
Social media platforms Media (Social Media)
Online review platform providers IT (Content Platform)
Gift card service providers Customer Services (Support)
Health and safety claims administrators and consultants Health & Safety (Claims)
Insurers and insurance brokers Insurance (Underwriting & Broking)
Legal, security and other professional advisers and consultants Professional Services (Legal & Accounting)
Market and customer research providers Media (Market Resarch)
Website and data analytics platform providers IT (Data Analytics)
Website and App developers IT (Software Development)
Website hosting services providers IT (Hosting)

Aside from our service providers, Celtic & Co. will not disclose your personal information to any third party, except as set out below. Trustpilot

We may contact you via email to invite you to review any services and/or products you received from us in order to collect your feedback and improve our services and products. We use an external company, Trustpilot A/S, to collect your feedback which means that we will share your name, email address and reference number with Trustpilot for this purpose. If you want to read more about how Trustpilot processes your personal information, please see the Trustpilot Privacy Policy  here.

We may also use such reviews in other promotional material and media for our advertising and promotional purposes ( legitimate interests).

Other third parties

We may disclose the personal information to other third parties, as follows:

Similar companies to those in the Refined Brands Group whose products we think will be of interest to you. We send a single catalogue to their customers and in return they can send a single catalogue to our customers. (legitimate interests; consent).

The data providers and brokers listed below with whom we may share your information data for their use to help direct marketing organisations such as ourselves better understand the likely characteristics of their customers, communicate with them more effectively, and also identify prospective customers. This should mean that you receive direct marketing that is more relevant to you (legitimate interest; consent).

To understand more please click through to the websites of the companies below:

Epsilon Abacus
Visit: Privacy Policy

Experian
Visit: Privacy Policy

Choreograph
Visit: Privacy Policy

I-Behaviour
Visit: Privacy Policy

Other:

Payment and Fraud Prevention providers - Adyen are the data controller in respect of the Personal Information that you give to them (and which they hold about you) when you sign up for, access, or use services, features, technologies or functions offered on the Adyen website (including when using Adyen to pay for goods or services offered on the Cetlic & Co. website) and in relation to Personal Information collected during the course of business as set out in their Privacy Policy ( Adyen privacy policy) (contractual performance).

Social media platforms with whom we work, including for the purposes of online behavioural advertising (see further ‘Our use of social media’ below) ( legitimate interest; consent);

Payment and Credit Agencies (contractual performance)

Credit reference agencies where necessary for card payments (contractual performance)

Governmental bodies, regulators, law enforcement agencies, courts/tribunals and insurers where we are required or requested to do so (legitimate interests; legal obligation):

to comply with our legal obligations;

to exercise our legal rights (for example in court cases);

for the prevention, detection, investigation of crime or prosecution of offenders;

for the protection of our employees and customers;

Sale of Business Assets - Upon any sale of our business assets to another company our data records will be included. (legal obligation)

Competition Partners (consent)

Email and SMS providers (consent)

Delivery Partners (e.g Royal Mail, DPD, Evri) (contractual performance)

Global logistics partner for international order fulfilment "Global-e" (contractual performance)

OUR USE OF SOCIAL MEDIA

We use a number of different social media platforms to communicate with you and to promote products and services. We process your personal information using these platforms in a variety of ways, as follows:

Pages/accounts. We use your personal information when you post content or otherwise interact with us on our official pages and accounts on Facebook, Instagram, Pinterest, LinkedIn, YouTube, TikTok and other social media platforms. We also use the Page Insights service for Facebook, Instagram and LinkedIn to view statistical information and reports regarding your interactions with the pages and accounts we administer on those platforms and their content. Where those interactions are recorded and form part of the information we access through these Page Insights services, we and the relevant platform are joint data controllers of the processing necessary to provide that service to us. Please see the beginning of this privacy policy for more information about our joint data controller arrangements.

Cookies. We use cookies and similar technologies in our website to collect and send information to Meta, LinkedIn and Pinterest about actions you take on our website and applications. In particular:

  • Meta (who operates the Facebook and Instagram platforms) and Pinterest use this information to provide services to us and also for further processing for their own business purposes. We and each of these platforms are joint data controllers of the processing involved in collecting and sending your personal information to these platforms using cookies and similar technologies as each of us has a business interest in the platforms receiving this information. You can find out more about these technologies by visiting our Cookies Policy.
  • The services we receive from Meta that use the information above are delivered to us through Meta Business Tools, which include Meta Pixel, Social Plugins, Website Custom Audiences and Conversions API (CAPI). The services we receive from Pinterest that use the information above are delivered to us through Pinterest’s Ad Services including Pinterest Tag and Pinterest API. These tools allow us to target advertising to you within Meta’s and Pinterest’s respective social media platforms by creating audiences based on your actions on our website and allow these platforms to improve and optimise the targeting and delivery of our advertising campaigns for us.
  • We use LinkedIn Insight Tag, a small piece of code that we embed in our websites that allows us to perform in-depth campaign reporting and unlock insights about users that may visit our websites via our LinkedIn campaigns (e.g. by allowing us to discover business demographics by layering LinkedIn data on data about our website visitors). LinkedIn Insight Tag enables the collection of metadata such as IP addresses, timestamps, and events such as page views. You can find out more about these technologies by visiting our Cookie Policy.
  • You can opt-out of online behavioural advertising by using the AdChoices tool at optout.aboutads.info or by adjusting your mobile ad identifier settings, or your personalisation settings within your account on the relevant social media platform.

Our relationship with Meta, LinkedIn and Pinterest. As we are joint controllers with these platforms for certain processing, we and each platform have:

entered into agreements in which we have agreed each of our data protection responsibilities for the processing of your personal information described above;

agreed that we are responsible for providing to you the information in this policy about our relationship with each platform; and

agreed that each platform is responsible for responding to you when you exercise your rights under data protection law in relation to that platform’s processing of your personal information as a joint controller.

Meta and LinkedIn also process, as our processor, contact information that we submit for the purposes of matching, online targeting, measurement, reporting and analytics purposes. These services include the processing those platforms carry out when they display our advertisements to you in your news feed at our request after matching contact details for you that we have uploaded to a platform operated by those platforms. These advertisements may include forms through which we collect contact information you give to us.

Further information. The Meta company that is a joint controller of your personal information is Meta Platforms, Inc., 1601 Willow Road, Menlo Park, CA 94025, USA. The LinkedIn company that is a joint controller of your personal information is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The Pinterest company that is a joint controller of your information is Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland. For further information regarding Meta and its use of your personal information, please see:

Meta’s Controller Addendum for Page Insights and UK Controller Addendum for Business Tools,LinkedIn’s Page Insights Joint Controller Addendum and Pinterest’s Advertising Services Agreement, including Data Sharing Addendum and Joint Controller Addendum which include information regarding how our and those platforms’ responsibilities to you are allocated as controllers of your personal information;

Meta’s Privacy Center including its Privacy Policy, LinkedIn’s Privacy Policy and Pinterest’s Privacy Policy which include details of the legal reasons (known as ‘lawful bases’) on which each platform relies to process your personal information, together with details regarding your data protection rights; and

Meta’s help pages regarding its Page Insights and Business Tools and its terms and conditions relating to those tools.

LinkedIn’s help pages regarding its Page Insights and its terms and conditions relating to its advertising services, including LinkedIn Insight Tag.

Our relationship with Tiktok. To find out more about our relationship with TikTok, please see the terms of the data sharing arrangement we have with TikTok and the TikTok Privacy Policy.


TRANSFERRING YOUR PERSONAL INFORMATION OUTSIDE THE UK

Your personal information may be transferred to countries outside the UK. Those countries may not have similar data protection laws to the UK and so may not protect the use of your personal information to the same standard.

Where we transfer your information outside of the UK, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this policy. These steps include imposing contractual obligations on the recipient of your personal information using standard clauses issued by the UK Information Commissioner’s Office and related regulations issued by the relevant UK Secretary of State declaring that a recipient or country is adequately protective of personal information to a degree that allows us to safely transfer your personal information to that recipient or country. This includes any international frameworks that allow recipients to certify that they can receive your personal information safely and process it in a way that is protected to an equivalent standard to that in the UK.

Please contact us using the details at the end of this policy for more information about the protections that we put in place and to obtain a copy of the relevant documents.

If you use our services whilst you are outside the UK, your information may be transferred outside the UK in order to receive those services.

HOW LONG DO WE KEEP YOUR PERSONAL INFORMATION?

Celtic & Co. retains your account information for up to 6 years from the end of the year in which your account closes and order information for 12 years from the end of the year in which you place your last order. This is so we can comply with our legal and contractual obligations, establish, bring and defend legal claims and use your information for analytics and business planning purposes.

The only exceptions to the period mentioned above are where:

  • you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law;
  • you exercise your right to require us to retain your personal information for a period longer than our stated retention period;
  • we bring or defend a legal claim or other proceedings during the period we retain your personal information, in which case we will retain your personal information until those proceedings have concluded and no further appeals are possible;
  • we archive your personal information, in which case we will delete it in accordance with our routine deletion cycle based on good industry practice; or
  • in limited cases, existing or future law or a court or regulator requires us to keep your personal information for a longer or shorter period, or we are reasonably requested to do so by law enforcement authorities.

HOW WE KEEP YOUR PERSONAL INFORMATION SECURE

Celtic & Co. is committed to keeping your personal information safe and secure.

Our security measures include:

Encryption of data;

Regular scenario planning and crisis management exercises to ensure we are ready to respond to cyber security attacks and data security incidents;

Security controls which protect Celtic & Co. IT infrastructure from external attack and unauthorised access; and

Internal policies setting out our data security approach and training for employees.

Credit card encryption

We accept online payment in a secure environment using Secure Socket Layering technology (SSL). All of the information sent to us as you browse our site, including payment and address information, is encrypted to safeguard your details. Encryption prevents other internet users from accessing this information. You can check that you are shopping in a secure environment by looking for either a locked padlock icon or an image of a key in the grey bar at the bottom of your screen.

The encryption technique we use is the highest standard available for e-commerce and is certified by Thawte, part of the Verisign group - the world's most respected certification body for Internet firms. If you have questions regarding our credit card security policies, please call us on 0333 400 0044.

Celtic & Co. will never ask you to confirm any bank account or credit card details via email. If you receive an email claiming to be from a company with Celtic & Co. asking you to do so, please ignore it and do not respond. If you are using a computing device in a public location, we recommend that you always log out and close the website browser when you complete an online session.

In addition, we recommend that you take the following security measures to enhance your online safety both in relation to Celtic & Co. and more generally:

Keep your account passwords private. Remember, anybody who knows your password may access your account.

When creating a password, use at least 8 characters. A combination of letters and numbers is best. Do not use dictionary words, your name, email address, or other personal information that can be easily obtained. We also recommend that you frequently change your password. You can do this within your account section on our website.

Avoid using the same password for multiple online accounts.

YOUR RIGHTS

You have a number of rights in relation to your personal information under data protection laws. In relation to certain rights, we may ask you for information to confirm your identity and, where applicable, to help us to search for your personal information. Except in rare cases, we will respond to you within 1 month from either:

the date that we have confirmed your identity; or

where we do not need to do this because we already have this information, from the date we received your request.

Password-protected accounts – if you have a password-protected account with us, we will use password authentication to verify you. If your request is for the deletion of personal information, we will need to re-verify you before we delete your information.

You have the following rights, some of which may only apply in certain circumstances:

The right to ask what personal information we hold about you and obtain a copy, together with certain privacy information.

The right to ask us to update and correct any out-of-date or incorrect personal information that we hold about you.

  • The right to ask us to stop or pause processing your data, erase your data or amend your data. Please get in touch with us via any of the methods listed in our Contact Us section if you’d like us to do any of these things, and as far as we’re able to (when taking into account our own legal obligations) we’ll make it happen. You can also amend your own personal information by accessing ‘Your Account’ on our website.
  • The right to withdraw your consent at any time. If you withdraw your consent, this will not affect the lawfulness of our processing whilst we had your consent.
  • The right to object certain processing activities. Where we rely on our legitimate interests as the lawful basis for processing your personal information for particular purposes, you may object to us using your personal information for these purposes. Except for the purposes for which we are sure we can continue to process your personal information, we will temporarily stop processing your personal information in line with your objection until we have investigated the matter. If we agree that your objection is justified in accordance with your rights under data protection laws, we will permanently stop using your data for those purposes. Otherwise we will provide you with our justification as to why we need to continue using your data.
  • The right to stop receiving direct marketing. Just ask us to take you off the list, via any of the methods in our Contact Us section.
  • The right of portability over your data (i.e. you can ask us to pass the data we hold on you to a third party in machine-readable format). Let us know if you want us to do this using the details in our Contact Us section.

You may have the right not to be subject to a significant decision made about you based solely on automated processing. However, we do not currently process your personal information to make such decisions about you and will update this policy and notify you if that changes.

If you have any complaints, you can contact us (see details below) and we’ll do our utmost to get to the bottom of things. If, after contacting our Data Protection Team you feel your complaint has not been dealt with satisfactorily, you have the right to contact the supervisory authority. The supervisory authority for data protection in the UK is the Information Commissioner’s Office (ICO) which you can contact on 0303 123 1113 or via their website at ico.org.uk.

To make such a request, please contact us via any of the methods listed in the ‘Contact Us’ section.

If you have any queries about your data protection rights, please contact our Data Protection Team using the details listed in the Contact Us section.

CHANGING YOUR PREFERENCES

Emails: If you no longer wish to receive emails from us or a member of the Refined Brands Group, please either click the ‘Unsubscribe’ button on an email that you receive from us, contact the relevant brands Customer Services or visit the relevant preference centre page listed at the top of this privacy policy. It may take up to five working days to unsubscribe you.

Posted Mailing: If you do not wish to receive any further posted mailings from us get in touch with us via any of the methods in our Contact Us section. Our catalogues are printed in advance so it can take up to 1 month for your unsubscribe to take effect.

Third Parties: If you don’t want us to share your data with third parties, you can change this at any time by contacting us via any of the methods in our Contact Us section.

SMS: You may opt out of receiving text messages at any time by texting “STOP” to our text messages. Or tell us via any of the methods in our Contact Us section.

CHANGES

We may make changes to this policy at any time by sending you an email with the modified terms or by posting a copy of them on the website. Unless we notify you otherwise, any changes will take effect 7 days after the date of our email or the date on which we post the modified terms on the website, whichever is the earlier.

CONTACT US

If you have any questions or concerns about our use of cookies or your privacy when using this website, please contact us using the details below.

Call us on +44 (0)333 400 0044
(Mon-Fri: 9am-5pm)

Email us at: dataprotection@celticandco.com Write to us at:
The Data Protection Team, Celtic & Co.,
Units 2 & 2A Lodge Way,
Indian Queens Industrial Estate,
Saint Columb,
Cornwall,
TR9 6TF
United Kingdom

You have the right to lodge a complaint with the Information Commissioner’s Office. Further information, including contact details, is available at https://ico.org.uk

Cookies Policy

Our websites uses cookies to distinguish you from other users. Some cookies are essential to the operation of our website. Others are not but help us to provide you with a better experience when you browse our website and allow us to improve it. In this Cookies Policy you will find information on what cookies may be set when you visit our website and the purposes for which we use those cookies.

This policy was last updated on the date that appears at the beginning of the policy.

WHAT ARE COOKIES?

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us from our website’s domain name are called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts.

COOKIE SETTINGS

When you first visit our website, we only set essential cookies on your device unless you consent to all cookies, or select your own cookie preferences. Please see further ‘How to control and delete cookies’ below regarding the ways you can control or delete the cookies we use.

Certain cookies we use are essential for the website to work. For example, when you visit our website for the first time, we present you with a pop-up message notifying you about our use of cookies. We had to use a cookie to remember that we have presented this notice to you. See the table below for further details of essential cookies.

In relation to all other types of cookies we use, by clicking the relevant button on the banner that pops up when you visit our webite, you are agreeing to our use of non-essential cookies in the manner described in this Cookies Policy. If you do not provide your consent using that banner, we will not set these cookies on your device.

If you provide your consent in relation to any non-essential cookies, you will also be providing your consent for us and the relevant third parties that use those cookies to use your personal information in the ways set out in our Privacy Policy.

You can withdraw your consent at any time by using the relevant option on our website. The cookie files may remain on your device after you have opted-out of using them.

2.6 If you withdraw your consent for us to use optional cookies, the consent you have given us to use any personal information we collect using those cookies will also be withdrawn. Please see our Privacy Policy for further details.

2.7 Please see further How to control and delete cookies below regarding the ways you can control or delete the cookies we use.

THE PURPOSES FOR WHICH WE USE COOKIES

We use cookies and other tracking technologies for the following purposes: